Bug 122149 - RFE: Yum should default to checkgpg=1
Summary: RFE: Yum should default to checkgpg=1
Alias: None
Product: Fedora
Classification: Fedora
Component: yum   
(Show other bugs)
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Jeff Johnson
QA Contact:
Keywords: FutureFeature
Depends On:
TreeView+ depends on / blocked
Reported: 2004-04-30 22:01 UTC by William Hooper
Modified: 2014-01-21 22:49 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-05-04 13:31:40 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description William Hooper 2004-04-30 22:01:40 UTC
To be consistent with up2date, yum should be configured OOTB to check
GPG keys.

Comment 1 Seth Vidal 2004-05-01 00:56:53 UTC
This is me giving the big non-committal shrug.

if that's what red hat wishes to do with the fedora package of yum
that's fine by me.

it's a config file change.

Comment 2 Alan Cox 2004-05-02 22:26:28 UTC
I definitely think it should default safe. Even if it then points the
user at a URL about keys and stuff, it should stop errors first IMHO

Comment 3 Jeff Johnson 2004-05-04 13:31:40 UTC
While I agree the default should be "safe", I see no
reason to diverge from upstream. yum is installing packages well,
adding key ring management to that task will decrease reliability.

Comment 4 William Hooper 2004-05-04 14:40:21 UTC
I'm not sure I understand Comment #3.  Yum already has GPG key
checking included (via the RPM database, like up2date), it is just not
configured to use it by default.

Comment 5 Seth Vidal 2004-05-05 02:14:13 UTC
I'm fine with gpgcheck=1 being on in yum. Installing keys is not
difficult, there are LOTS of instructions for how to do it and yum
exits reasonably nicely with an error about how the user should either
install the right keys or disable gpgcheck=1.

I agree that gpgchecks are a good idea, I'm just not sure how much
they matter considering users don't pay attention to them anyway..

Note You need to log in before you can comment on or make changes to this bug.